IPv6 tunnel inherits MTU based on physical interface
The MTU of an IPv6 tunnel interface is calculated from the MTU of its parent interface minus headers.
Example
In this topology, FortiGate B and FortiGate D are connected over an IPv6 network. An IPv6 tunnel is formed, and IPv4 can be used over the IPv6 tunnel. The tunnel interface MTU is based on the physical interface MTU minus the IP and TCP headers (40 bytes). On FortiGate B's physical interface port5, the MTU is set to 1320. The IPv6 tunnel is based on port5, and its MTU value of 1280 is automatically calculated from the MTU value of its physical interface minus the header. The same is true for port3 on FortiGate D.
To verify the MTU for the IPv6 tunnel on FortiGate B:
- Configure port5:
config system interface edit "port5" set vdom "root" set type physical set snmp-index 7 config ipv6 set ip6-address 2000:172:16:202::1/64 set ip6-allowaccess ping end set mtu-override enable set mtu 1320 next end
- Configure the IPv6 tunnel:
config system ipv6-tunnel edit "B_2_D" set source 2000:172:16:202::1 set destination 2000:172:16:202::2 set interface "port5" next end
- Configure the tunnel interface:
config system interface edit "B_2_D" set vdom "root" set ip 172.16.210.1 255.255.255.255 set allowaccess ping https http set type tunnel set remote-ip 172.16.210.2 255.255.255.255 set snmp-index 33 config ipv6 set ip6-address 2000:172:16:210::1/64 set ip6-allowaccess ping config ip6-extra-addr edit fe80::2222/10 next end end set interface "port5" next end
- Verify the interface lists:
# diagnose netlink interface list port5 if=port5 family=00 type=1 index=13 mtu=1320 link=0 master=0 ref=68 state=start present fw_flags=0 flags=up broadcast run multicast Qdisc=mq hw_addr=**:**:**:**:**:** broadcast_addr=**:**:**:**:**:** stat: rxp=1577 txp=1744 rxb=188890 txb=203948 rxe=0 txe=0 rxd=0 txd=0 mc=825 collision=0 @ time=1631647112 re: rxl=0 rxo=0 rxc=0 rxf=0 rxfi=0 rxm=0 te: txa=0 txc=0 txfi=0 txh=0 txw=0 misc rxc=0 txc=0 input_type=0 state=3 arp_entry=0 refcnt=68
# diagnose netlink interface list B_2_D if=B_2_D family=00 type=769 index=41 mtu=1280 link=0 master=0 ref=25 state=start present fw_flags=0 flags=up p2p run noarp multicast Qdisc=noqueue local=0.0.0.0 remote=0.0.0.0 stat: rxp=407 txp=417 rxb=66348 txb=65864 rxe=0 txe=61 rxd=0 txd=0 mc=0 collision=60 @ time=1631647126 re: rxl=0 rxo=0 rxc=0 rxf=0 rxfi=0 rxm=0 te: txa=0 txc=0 txfi=0 txh=0 txw=0 misc rxc=0 txc=0 input_type=0 state=3 arp_entry=0 refcnt=25
To verify the MTU for the IPv6 tunnel on FortiGate D:
- Configure port3:
config system interface edit "port3" set vdom "root" set type physical set snmp-index 5 config ipv6 set ip6-address 2000:172:16:202::2/64 set ip6-allowaccess ping end set mtu-override enable set mtu 1320 next end
- Configure the IPv6 tunnel:
config system ipv6-tunnel edit "D_2_B" set source 2000:172:16:202::2 set destination 2000:172:16:202::1 set interface "port3" next end
- Configure the tunnel interface:
config system interface edit "D_2_B" set vdom "root" set ip 172.16.210.2 255.255.255.255 set allowaccess ping https http set type tunnel set remote-ip 172.16.210.1 255.255.255.255 set snmp-index 36 config ipv6 set ip6-address 2000:172:16:210::2/64 set ip6-allowaccess ping config ip6-extra-addr edit fe80::4424/10 next end end set interface "port3" next end
- Verify the interface lists:
# diagnose netlink interface list port3
# diagnose netlink interface list D_2_B